| DISA_STIG_Microsoft_Outlook_2016_v2r3.audit from DISA Microsoft Outlook 2016 v2r3 STIG | |
| DTOO104 - Disabling of user name and password syntax from being used in URLs must be enforced. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO111 - Enabling IE Bind to Object functionality must be present. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO117 - Saved from URL mark to assure Internet zone processing must be enforced. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO123 - Navigation to URLs embedded in Office products must be blocked. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO124 - Scripted Window Security must be enforced. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO126 - Add-on Management functionality must be allowed. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO129 - Links that invoke instances of Internet Explorer from within an Office product must be blocked. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO132 - File Downloads must be configured for proper restrictions. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO209 - Protection from zone elevation must be enforced. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO211 - ActiveX Installs must be configured for proper restriction. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO214 - Read EMail as plain text must be enforced. | CONFIGURATION MANAGEMENT |
| DTOO215 - Read signed email as plain text must be enforced. | CONFIGURATION MANAGEMENT |
| DTOO216 - Publishing calendars to Office Online must be prevented. | CONFIGURATION MANAGEMENT |
| DTOO217 - Publishing to a Web Distributed and Authoring (DAV) server must be prevented. | CONFIGURATION MANAGEMENT |
| DTOO218 - Level of calendar details that a user can publish must be restricted. | CONFIGURATION MANAGEMENT |
| DTOO219 - Access restriction settings for published calendars must be configured. | CONFIGURATION MANAGEMENT |
| DTOO232 - Outlook Object Model scripts must be disallowed to run for shared folders. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO233 - Outlook Object Model scripts must be disallowed to run for public folders. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO234 - ActiveX One-Off forms must be configured. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO236 - The Add-In Trust Level must be configured. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO237 - The remember password for internet e-mail accounts must be disabled. | IDENTIFICATION AND AUTHENTICATION |
| DTOO238 - Users customizing attachment security settings must be prevented. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO239 - Outlook Security Mode must be configured to use Group Policy settings. | CONFIGURATION MANAGEMENT |
| DTOO240 - The ability to display level 1 attachments must be disallowed. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO244 - Level 1 file extensions must be blocked and not removed. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO245 - Level 2 file extensions must be blocked and not removed. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO246 - Scripts in One-Off Outlook forms must be disallowed. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO247 - Custom Outlook Object Model (OOM) action execution prompts must be configured. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO249 - Object Model Prompt for programmatic email send behavior must be configured. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO250 - Object Model Prompt behavior for programmatic address books must be configured. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO251 - Object Model Prompt behavior for programmatic access of user address data must be configured. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO252 - Object Model Prompt behavior for Meeting and Task Responses must be configured. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO253 - Object Model Prompt behavior for the SaveAs method must be configured. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO254 - Object Model Prompt behavior for accessing User Property Formula must be configured. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO256 - Trusted add-ins behavior for email must be configured. | CONFIGURATION MANAGEMENT |
| DTOO257 - S/Mime interoperability with external clients for message handling must be configured. | IDENTIFICATION AND AUTHENTICATION |
| DTOO260 - Message formats must be set to use SMime. | IDENTIFICATION AND AUTHENTICATION |
| DTOO262 - Run in FIPS compliant mode must be enforced. | IDENTIFICATION AND AUTHENTICATION |
| DTOO264 - Send all signed messages as clear signed messages must be configured. | CONFIGURATION MANAGEMENT |
| DTOO266 - Automatic sending s/Mime receipt requests must be disallowed. | CONFIGURATION MANAGEMENT |
| DTOO267 - Retrieving of CRL data must be set for online action. | IDENTIFICATION AND AUTHENTICATION |
| DTOO270 - External content and pictures in HTML email must be displayed. | CONFIGURATION MANAGEMENT |
| DTOO271 - Automatic download content for email in Safe Senders list must be disallowed. | CONFIGURATION MANAGEMENT |
| DTOO272 - Permit download of content from safe zones must be configured. | CONFIGURATION MANAGEMENT |
| DTOO273 - IE Trusted Zones assumed trusted must be blocked. | CONFIGURATION MANAGEMENT |
| DTOO274 - Internet with Safe Zones for Picture Download must be disabled. | CONFIGURATION MANAGEMENT |
| DTOO275 - Intranet with Safe Zones for automatic picture downloads must be configured. | CONFIGURATION MANAGEMENT |
| DTOO276 - Always warn on untrusted macros must be enforced. | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO277 - Hyperlinks in suspected phishing email messages must be disallowed. | CONFIGURATION MANAGEMENT |
